Orgs Adopt Healthcare Cybersecurity Tech to Keep Cyber Insurance Premiums Down

Surveyed healthcare cybersecurity leaders said they invested in MFA solutions and identity and access management tools to keep cyber insurance premiums down.

By Jill McKeon

Surveyed healthcare cybersecurity leaders reported leveraging multifactor authentication (MFA), identity and access management, and privileged access management (PAM) solutions in hopes of lessening the likelihood of a cyber insurance premium hike, a report from Imprivata conducted by WBR Insights found.

The survey of 200 healthcare security leaders revealed that the inability to maintain cyber insurance was one of the top-ranked security concerns among respondents in 2022, along with the risk of non-financially motivated cyberattacks and internal security breaches. In fact, 39 percent of respondents said that investing in cyber insurance was one of their top priorities for the year.

An Index Market Research report predicted that the global cyber insurance market would be valued at approximately $22.5 billion by 2030. In 2018, the market value of cyber insurance was $4.3 billion.

But the increased demand for cyber insurance and the uptick in cyberattacks and data breaches have also led to higher insurance costs, a 2021 US Government Accountability Office (GAO) report found.

"The extent to which cyber insurance will continue to be generally available and affordable remains uncertain," GAO noted.

"Despite the upward trend in take-up rates to date, insurer appetite and capacity for underwriting cyber risk has contracted more recently, especially in certain high-risk industry sectors such as health care and education and for public-sector entities."

According to Imprivata's report, 70 percent of survey respondents whose organizations already had cyber insurance reported that their premiums had increased between 11 and 50 percent within the past year. The cost of cyber insurance continues to climb along with cyber risk as insurers weigh the risks of providing coverage to an industry constantly facing data breaches and cyberattacks.

"Insurance companies typically raise premiums on specific accounts if they suffer an incident," the report noted. "However, they may also raise premiums due to an overall increase in security risks."

To keep premiums from climbing, 56 percent of organizations with cyber insurance policies said they adopted an MFA solution, and 54 percent of respondents said that their organization had developed an identity and access management strategy.

"However, with the current climate of cyber crimes, these numbers should be higher. At the very least, those organizations who have been able to secure cyber insurance may see decreased premiums, and at best, protect themselves from serious risk," the report continued.

Only 40 percent of respondents reported adopting a privileged access management solution, and just over a third of respondents said they had implemented more robust password policies.

Of the organizations that did not have cyber insurance coverage at all, 39 percent cited costly premiums as the reason, and 34 percent of respondents reasoned that the security guidelines set by insurers had become too stringent. Additionally, 20 percent of respondents reported believing that the coverage would not be sufficient, and 7 percent of respondents said they simply lacked the resources or budget to implement the security solutions required by insurers.

"These concerns are relevant, but insurance could be worth the investment considering the significant losses that could occur because of a cyber incident," the report suggested.

"To protect themselves, healthcare organizations should operate as if they are under constant threat from cyberattacks, and assume that they will experience an incident eventually."

The upfront costs associated with implementing new security solutions may be far less than the financial consequences of a data breach or cyberattack, researchers suggested. Furthermore, HIPAA requires organizations to implement a robust security architecture, including numerous administrative, physical, and technical safeguards.

"Individually, healthcare organizations must implement security measures to ensure their premiums stay low," the report explained.

"Digital identity verification, identity governance, access management, and protocols like MFA and PAM for internal and third parties are more frequently becoming requirements to even secure cyber insurance, let alone keep policy costs down."